Educause Security Discussion mailing list archives

Password security


From: Steven Alexander <alexander.s () MCCD EDU>
Date: Mon, 25 Jun 2012 18:33:19 +0000

Hello Everyone,

I recently wrote a few posts about password security that I think (hope) will be of interest to the list.  One of my 
primary motivations for writing these posts is that a lot of the advice/best practices that we have seem to be folk 
wisdom.  Is 8 characters really a good minimum password length?  Why not 7, or 9, or 15?

The posts are on my blog at http://bugcharmer.blogspot.com .  I'm planning to write more on various application 
security issues, but everything I have so far is about passwords.  I would love feedback, but please respond off-list 
unless you think it will be of general interest.

In case you want to jump to a specific topic, here are some additional links:

An introduction/history of password security (the post links to an article I published elsewhere)
http://bugcharmer.blogspot.com/2012/06/introduction-to-password-protection.html

What are we trying to prevent?  What is the purpose of password salting/stretching, delay timers, lockouts, etc.?
http://bugcharmer.blogspot.com/2012/06/passwords-attacks-and-threats.html

How long should passwords really be?
http://bugcharmer.blogspot.com/2012/06/how-long-should-passwords-be.html

Rainbow tables aren't as powerful as people think.
http://bugcharmer.blogspot.com/2012/06/rainbow-tables-not-considered-harmful.html

Regards,

Steven Alexander Jr.
Online Education Systems Manager
Merced College
3600 M Street
Merced, CA 95348-2898
(209) 384-6191
alexander.s () mccd edu

